Set Permissions for the BYOK Service by Configuring Each Azure Key Vault
You can set permissions for the BYOK service by configuring each Azure Key Vault.
For each KeyControl Vault managed Key Vault:
- Navigate to Azure > Key vaults > <Key Vault name> > Access policies.
- Use Add Access Policy to add permissions to the BYOK application.
- In Key Permissions, select All Key Management Operations and Privileged Key Operations.
- Select Principal > BYOK application.
- Select Add.
Important:
- When new Key Vaults are created, the permissions have to be set for them as well. If you want to use a template, you can use the Key Management template. However, you will need to select purge explicitly in the privileged key options.
- Do not select Purge protection on the Key Vaults.
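To confirm that every managed Key Vault ended up with the settings described above, the following added example (not part of the original documentation or the product) audits a JSON array of `az keyvault show` outputs. The object ID, vault names and sample data are constructed, and the mapping of the portal's permission groups to API permission names is an assumption.

```python
import json

# Assumption: API names behind the portal's "Key Management Operations" group,
# plus "purge" from "Privileged Key Operations".
REQUIRED_KEY_PERMS = {"get", "list", "update", "create", "import", "delete",
                      "recover", "backup", "restore", "purge"}
BYOK_OBJECT_ID = "11111111-2222-3333-4444-555555555555"  # constructed placeholder

# Constructed sample: trimmed `az keyvault show` output for three vaults.
SAMPLE_JSON = """[
 {"name": "kv-ok", "properties": {"enablePurgeProtection": null, "accessPolicies": [
   {"objectId": "11111111-2222-3333-4444-555555555555", "permissions": {"keys":
    ["Get","List","Update","Create","Import","Delete","Recover","Backup","Restore","Purge"]}}]}},
 {"name": "kv-template", "properties": {"accessPolicies": [
   {"objectId": "11111111-2222-3333-4444-555555555555", "permissions": {"keys":
    ["get","list","update","create","import","delete","recover","backup","restore"]}}]}},
 {"name": "kv-new", "properties": {"enablePurgeProtection": true, "accessPolicies": []}}
]"""

def load_vaults(text):
    return json.loads(text)

def audit_vault(vault, byok_object_id):
    """Return findings for one vault; an empty list means it matches the steps."""
    props = vault.get("properties") or {}
    granted, found = set(), False
    for policy in props.get("accessPolicies") or []:
        if str(policy.get("objectId", "")).lower() == byok_object_id.lower():
            found = True
            keys = (policy.get("permissions") or {}).get("keys") or []
            granted |= {p.lower() for p in keys}  # API may return mixed case
    findings = []
    if not found:
        findings.append("no key access policy for the BYOK application")
    elif REQUIRED_KEY_PERMS - granted:
        missing = sorted(REQUIRED_KEY_PERMS - granted)
        findings.append("missing key permissions: " + ", ".join(missing))
    if props.get("enablePurgeProtection"):
        findings.append("purge protection is enabled")
    return findings

def audit_all(vaults, byok_object_id):
    return {v["name"]: audit_vault(v, byok_object_id) for v in vaults}

if __name__ == "__main__":
    for name, findings in audit_all(load_vaults(SAMPLE_JSON), BYOK_OBJECT_ID).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The `kv-template` case corresponds to applying the Key Management template without explicitly selecting purge, and `kv-new` to a newly created vault that has not been configured yet.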